Agile security using an incremental security architecture

Cited by: 0
Authors
Chivers, H [1]
Paige, RF [1]
Ge, XC [1]
Affiliation
[1] Univ York, Dept Comp Sci, York YO10 5DD, N Yorkshire, England
Source
EXTREME PROGRAMMING AND AGILE PROCESSES IN SOFTWARE ENGINEERING, PROCEEDINGS | 2005 / Vol. 3556
Keywords
DOI
Not available
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202; 0835;
Abstract
The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.
Pages: 57 / 65
Page count: 9